<?php

require_once 'LoginException.class.php';
/**
 * Description of Authnication
 *
 * @author samantha
 */
class Authentication {

    /**
     * Check user is loged-in
     * @return boolean
     */
    public function isAuth() {
        if (isset($_SESSION['login'])) {
            return true;
        } else {
            return false;
        }
    }

    /**
     * Log In User 
     * 
     * @param type $userName
     * @param type $password
     * @throws LoginException if failed to log in
     */
    public function login($userName, $password) {
        $pdo = DbConnection::getInstance()->conn;

        $query = $pdo->prepare("SELECT us.pass, us.auth, us.tit, us.ufname, us.des, us.uid, " .
                "us.unid, un.unit, us.user_role_id, us.status, ur.name as user_role_name " . 
                "FROM user us " . 
                "LEFT JOIN unit un ON (us.unid = un.unid) " . 
                "LEFT JOIN user_role ur ON (us.user_role_id = ur.id) WHERE uname = ?");
        $query->execute(array($userName));
        $result = $query->fetch();
        if ($result['pass'] == md5($password)) {
            
            // check user account status
            if ($result['status'] == AuthUser::STATUS_PENDING_APPROVAL) {
                throw new LoginException('Your account registration has not been approved yet.');
            } else if ($result['status'] == AuthUser::STATUS_DISABLED) {
                throw new LoginException('Your account has been disabled');
            } else if ($result['status'] == AuthUser::STATUS_REJECTED) {
                throw new LoginException('Your account registration was not approved');
            }  else if ($result['status'] == AuthUser::STATUS_DELETED) {
                throw new LoginException('Your account is deleted');
            } else {            
                $_SESSION['login'] = true;
                $_SESSION['auth'] = $result['auth'];
                $_SESSION['un'] = $result['tit'] . " " . $result['ufname'];
                $_SESSION['des'] = $result['des'];
                $_SESSION['uid'] = $result['uid'];
                $_SESSION['unid'] = $result['unid'];
                $_SESSION['unit'] = $result['unit'];
                $_SESSION['user_role_name'] = $result['user_role_name']; 
                $_SESSION['user_role_id'] = $result['user_role_id'];

                $lt     = time();
                $lip    = $_SERVER['REMOTE_ADDR'];
                $logQuery = $pdo->prepare("INSERT INTO log (uid,lt,lip) VALUES(?,?,?)");
                $logQuery->execute(array($result['uid'],$lt,$lip));

                $_SESSION['lid'] = $pdo->lastInsertId();

                return true;
            }
        } else {
            throw new LoginException('Please enter correct username / password');
        }
    }

    /**
     * Get Log in user
     */
    public static function getLogedinUser() {
        if (isset($_SESSION['login'])) {
            $authUser = new AuthUser();
            $authUser->setUserName($_SESSION['un']);
            $authUser->setUnit($_SESSION['unit']);
            $authUser->setUserId($_SESSION['uid']);
            $authUser->setUserRole($_SESSION['user_role_name']);
            $authUser->setUserRoleId($_SESSION['user_role_id']);
            
            return $authUser;
        } else {
            return null;
        }
    }

}
